Client-side encryption¶
If you want to encrypt data that is uploaded to the cloud by an offline-first app, it makes sense to keep the local copy of the data in-the-clear, and encrypt the data only just before it is uploaded.
With Kinto, your records can have a text field that stores the encrypted attributes:
{
"id": "498e1015-92a5-46d5-9008-2b157338bbd1",
"last_modified": 1478257378677,
"payload": "b0WucBajkcjNRKOipTWDetHjn7VTQnxqjVz/DW5cyVtinBpq0+oC2H/W6Di3K0pEAzKmmxJBFKDb4LmWIN2OSj9z4HJMmHLQ8qDXWoZ//aOeJWlDlsTDBcBgJzNqX1Mz/frYMo1iLD5ULsW4iXexZbyI7WWAqZPy4l0twyViSMXAH7Memy4HPDf0R4s6vn3g"
}
The client will encrypt the payload before sending to the server, and decrypt it upon reception.
See the online demo that leverages kinto.js and WebCrypto, and read the complete tutorial!